I Have a Rootkit


  • This topic is locked
18 replies to this topic

#1 Justin711

Justin711

  • Members
  • 76 posts

Posted 25 August 2012 - 05:30 PM

Here are the logs. I always get redirected at Google and I can't use Word, Chrome or Firefox.

Attached Files

  • DDS.txt (17.89KB)
  • log.log (16.92KB)




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 26 August 2012 - 11:40 AM

Please do the following:

Download Farbar Recovery Scan Tool and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Place a check next to List Drivers MD5 as well as the default check marks that are already there
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 Justin711

Justin711
  • Topic Starter

  • Members
  • 76 posts

Posted 27 August 2012 - 09:13 AM

I don't have access to a flash drive until Sunday, so I won't be able to post the logs until then.

#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 27 August 2012 - 11:11 AM

OK, in the meantime, run the following scan:

Refer to the ComboFix User's Guide

  • Download ComboFix from the following location:

    Link

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 Justin711

Justin711
  • Topic Starter

  • Members
  • 76 posts

Posted 28 August 2012 - 04:57 PM

I did the scan, and here is the log:

Attached Files



#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Gender:Not Telling
  • Location:Canada

Posted 28 August 2012 - 05:32 PM

Please run the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under "Additional options", put a check mark in the box next to "Detect TDLFS File System"
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System/TDSS File system is found then ensure Cure is selected (if cure is not available, choose skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT



  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
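The TDSSKiller step above writes a per-service log in which each hashed image appears as a `[ MD5 ] name path` line followed by a `name - status` line (the format can be seen in Justin711's reply below). Reading several hundred such lines by eye is where analysts miss things, so here is an added example, not code from this thread or from the TDSSKiller tool, of a small Python parser that pulls out the service records and flags the ones worth a second look: a status other than "ok", a service whose image file was never hashed, or an image outside the directories one expects on this machine. The `SAMPLE_LOG` is constructed: its first entries copy lines from the thread, while the `exampledrv` lines, the `EXPECTED_ROOTS` list and the baseline hashes are assumptions made for illustration only.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample input. The first entries reproduce the TDSSKiller log format shown
# in this thread (timestamp, thread id, "[ MD5 ] name path", then "name - status").
# The two "exampledrv" lines are made up here to exercise the non-"ok" branch and are
# not real TDSSKiller output.
SAMPLE_LOG = r"""16:26:24.0494 5340 Scan started
16:26:24.0494 5340 Mode: Manual; TDLFS;
16:26:25.0316 5340 ================ Scan system memory ========================
16:26:25.0316 5340 System memory - ok
16:26:25.0317 5340 ================ Scan services =============================
16:26:25.0474 5340 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:26:25.0479 5340 ACPI - ok
16:26:26.0580 5340 blbdrive - ok
16:26:29.0355 5340 [ 89F9E1984C1CD9E5F4FE39642D886E11 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
16:26:29.0356 5340 HP Health Check Service - ok
16:26:31.0579 5340 [ A69630D039C38018689190234F866D77 ] MpKsl53a8f106 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFC567E0-5197-4884-98EA-2229E26CDF98}\MpKsl53a8f106.sys
16:26:31.0580 5340 MpKsl53a8f106 - ok
16:26:32.0100 5340 [ 00000000000000000000000000000000 ] exampledrv C:\Users\Public\exampledrv.sys
16:26:32.0101 5340 exampledrv - warning
"""

# Every line starts with "HH:MM:SS.ffff <thread id> ".
TS = r"\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
# Service names may contain spaces, so the name is matched lazily up to a "X:\" path.
FILE_RE = re.compile(r"^" + TS + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
STATUS_RE = re.compile(r"^" + TS + r"(?P<name>.+?) - (?P<status>.+)$")
BANNER_RE = re.compile(r"^" + TS + r"=+ (?P<section>.+?) =+$")


@dataclass
class ServiceRecord:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None


def parse_tdsskiller(text: str) -> dict:
    """Return {service name: ServiceRecord}, taken from the 'Scan services' section only,
    so header lines such as the drive geometry never get mistaken for a status line."""
    records: dict = {}
    in_services = False
    for line in text.splitlines():
        banner = BANNER_RE.match(line)
        if banner:
            in_services = banner.group("section").strip() == "Scan services"
            continue
        if not in_services:
            continue
        m = FILE_RE.match(line)
        if m:
            records[m.group("name")] = ServiceRecord(m.group("name"), m.group("md5").upper(), m.group("path"))
            continue
        m = STATUS_RE.match(line)
        if m:
            # A status line with no preceding file line means no image was hashed (e.g. blbdrive).
            rec = records.setdefault(m.group("name"), ServiceRecord(m.group("name")))
            rec.status = m.group("status").strip()
    return records


# Assumed starting point for this Vista machine; an analyst tunes it per host.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\programdata\\microsoft\\")


def review(records: dict, expected_roots=EXPECTED_ROOTS) -> list:
    """Heuristic triage: (name, reason) pairs that deserve an analyst's eye.
    These are prompts for review, not verdicts."""
    findings = []
    for rec in records.values():
        if rec.status is not None and rec.status.lower() != "ok":
            findings.append((rec.name, f"status is '{rec.status}'"))
        if rec.path is None:
            findings.append((rec.name, "no image file was hashed"))
        elif not rec.path.lower().startswith(expected_roots):
            findings.append((rec.name, f"image outside expected roots: {rec.path}"))
    return findings


def diff_against_baseline(records: dict, baseline: dict) -> list:
    """Compare MD5s with a {name: md5} baseline taken from a clean machine on the same
    OS build; a changed hash on a core service is the kind of thing an MD5 listing is for.
    Returns (name, baseline md5, observed md5) for every mismatch."""
    changed = []
    for name, good_md5 in baseline.items():
        rec = records.get(name)
        if rec is not None and rec.md5 is not None and rec.md5 != good_md5.upper():
            changed.append((name, good_md5.upper(), rec.md5))
    return changed


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for name, reason in review(recs):
        print(f"REVIEW {name}: {reason}")
    # Constructed baseline: ACPI matches, exampledrv deliberately does not.
    baseline = {"ACPI": "82B296AE1892FE3DBEE00C9CF92F8AC7", "exampledrv": "1" * 32}
    for name, expected, observed in diff_against_baseline(recs, baseline):
        print(f"CHANGED {name}: baseline {expected} observed {observed}")
```

Run it against a saved TDSSKiller log by replacing `SAMPLE_LOG` with the file's contents. The parser deliberately ignores everything outside the "Scan services" section, and the triage output is a reading list rather than a detection: the `MpKsl...` driver under `ProgramData\Microsoft` in this very thread is a legitimate Microsoft Antimalware component, which is why that root is in the expected list.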


#7 Justin711

Justin711
  • Topic Starter

  • Members
  • 76 posts

Posted 29 August 2012 - 07:33 PM

Here is the TDSSKiller log:
16:26:10.0411 5396 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
16:26:10.0737 5396 ============================================================
16:26:10.0737 5396 Current date / time: 2012/08/29 16:26:10.0737
16:26:10.0737 5396 SystemInfo:
16:26:10.0737 5396
16:26:10.0737 5396 OS Version: 6.0.6002 ServicePack: 2.0
16:26:10.0737 5396 Product type: Workstation
16:26:10.0737 5396 ComputerName: JUSTINANDMATT
16:26:10.0738 5396 UserName: Anthony
16:26:10.0738 5396 Windows directory: C:\Windows
16:26:10.0738 5396 System windows directory: C:\Windows
16:26:10.0738 5396 Processor architecture: Intel x86
16:26:10.0738 5396 Number of processors: 2
16:26:10.0738 5396 Page size: 0x1000
16:26:10.0738 5396 Boot type: Normal boot
16:26:10.0738 5396 ============================================================
16:26:12.0482 5396 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:26:12.0484 5396 ============================================================
16:26:12.0484 5396 \Device\Harddisk0\DR0:
16:26:12.0485 5396 MBR partitions:
16:26:12.0485 5396 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x2542D800
16:26:12.0485 5396 ============================================================
16:26:12.0505 5396 C: <-> \Device\Harddisk0\DR0\Partition1
16:26:12.0506 5396 ============================================================
16:26:12.0506 5396 Initialize success
16:26:12.0506 5396 ============================================================
16:26:24.0494 5340 ============================================================
16:26:24.0494 5340 Scan started
16:26:24.0494 5340 Mode: Manual; TDLFS;
16:26:24.0494 5340 ============================================================
16:26:25.0316 5340 ================ Scan system memory ========================
16:26:25.0316 5340 System memory - ok
16:26:25.0317 5340 ================ Scan services =============================
16:26:25.0474 5340 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
16:26:25.0479 5340 ACPI - ok
16:26:25.0538 5340 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:26:25.0540 5340 AdobeFlashPlayerUpdateSvc - ok
16:26:25.0583 5340 [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:26:25.0586 5340 adp94xx - ok
16:26:25.0608 5340 [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:26:25.0611 5340 adpahci - ok
16:26:25.0635 5340 [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
16:26:25.0637 5340 adpu160m - ok
16:26:25.0737 5340 [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:26:25.0739 5340 adpu320 - ok
16:26:25.0787 5340 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:26:25.0787 5340 AeLookupSvc - ok
16:26:25.0879 5340 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
16:26:25.0885 5340 AFD - ok
16:26:25.0922 5340 [ EF23439CDD587F64C2C1B8825CEAD7D8 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:26:25.0923 5340 agp440 - ok
16:26:25.0966 5340 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
16:26:25.0967 5340 aic78xx - ok
16:26:26.0031 5340 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
16:26:26.0033 5340 ALG - ok
16:26:26.0048 5340 [ 90395B64600EBB4552E26E178C94B2E4 ] aliide C:\Windows\system32\drivers\aliide.sys
16:26:26.0049 5340 aliide - ok
16:26:26.0066 5340 [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp C:\Windows\system32\drivers\amdagp.sys
16:26:26.0067 5340 amdagp - ok
16:26:26.0083 5340 [ 0577DF1D323FE75A739C787893D300EA ] amdide C:\Windows\system32\drivers\amdide.sys
16:26:26.0083 5340 amdide - ok
16:26:26.0097 5340 [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
16:26:26.0098 5340 AmdK7 - ok
16:26:26.0108 5340 [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:26:26.0109 5340 AmdK8 - ok
16:26:26.0156 5340 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
16:26:26.0158 5340 Appinfo - ok
16:26:26.0188 5340 [ 5F673180268BB1FDB69C99B6619FE379 ] arc C:\Windows\system32\drivers\arc.sys
16:26:26.0190 5340 arc - ok
16:26:26.0221 5340 [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:26:26.0223 5340 arcsas - ok
16:26:26.0267 5340 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:26:26.0268 5340 AsyncMac - ok
16:26:26.0293 5340 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
16:26:26.0294 5340 atapi - ok
16:26:26.0322 5340 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:26:26.0325 5340 AudioEndpointBuilder - ok
16:26:26.0339 5340 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
16:26:26.0342 5340 Audiosrv - ok
16:26:26.0466 5340 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
16:26:26.0467 5340 Beep - ok
16:26:26.0511 5340 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
16:26:26.0518 5340 BFE - ok
16:26:26.0565 5340 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\system32\qmgr.dll
16:26:26.0573 5340 BITS - ok
16:26:26.0580 5340 blbdrive - ok
16:26:26.0605 5340 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:26:26.0607 5340 bowser - ok
16:26:26.0627 5340 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
16:26:26.0628 5340 BrFiltLo - ok
16:26:26.0644 5340 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
16:26:26.0645 5340 BrFiltUp - ok
16:26:26.0667 5340 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
16:26:26.0668 5340 Browser - ok
16:26:26.0690 5340 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
16:26:26.0691 5340 Brserid - ok
16:26:26.0712 5340 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
16:26:26.0713 5340 BrSerWdm - ok
16:26:26.0738 5340 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
16:26:26.0739 5340 BrUsbMdm - ok
16:26:26.0749 5340 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
16:26:26.0750 5340 BrUsbSer - ok
16:26:26.0809 5340 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files\Browny02\BrYNSvc.exe
16:26:26.0994 5340 BrYNSvc - ok
16:26:27.0033 5340 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:26:27.0033 5340 BTHMODEM - ok
16:26:27.0172 5340 catchme - ok
16:26:27.0208 5340 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:26:27.0210 5340 cdfs - ok
16:26:27.0229 5340 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:26:27.0231 5340 cdrom - ok
16:26:27.0268 5340 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
16:26:27.0270 5340 CertPropSvc - ok
16:26:27.0284 5340 [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass C:\Windows\system32\drivers\circlass.sys
16:26:27.0285 5340 circlass - ok
16:26:27.0299 5340 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
16:26:27.0304 5340 CLFS - ok
16:26:27.0358 5340 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:26:27.0360 5340 clr_optimization_v2.0.50727_32 - ok
16:26:27.0413 5340 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:26:27.0416 5340 clr_optimization_v4.0.30319_32 - ok
16:26:27.0439 5340 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
16:26:27.0440 5340 CmBatt - ok
16:26:27.0452 5340 [ 45201046C776FFDAF3FC8A0029C581C8 ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:26:27.0453 5340 cmdide - ok
16:26:27.0510 5340 [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
16:26:27.0512 5340 Com4QLBEx - ok
16:26:27.0525 5340 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
16:26:27.0527 5340 Compbatt - ok
16:26:27.0534 5340 COMSysApp - ok
16:26:27.0552 5340 [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:26:27.0553 5340 crcdisk - ok
16:26:27.0573 5340 [ 22A7F883508176489F559EE745B5BF5D ] Crusoe C:\Windows\system32\drivers\crusoe.sys
16:26:27.0574 5340 Crusoe - ok
16:26:27.0607 5340 [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:26:27.0609 5340 CryptSvc - ok
16:26:27.0651 5340 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:26:27.0658 5340 DcomLaunch - ok
16:26:27.0696 5340 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:26:27.0698 5340 DfsC - ok
16:26:27.0766 5340 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
16:26:27.0808 5340 DFSR - ok
16:26:27.0839 5340 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
16:26:27.0841 5340 Dhcp - ok
16:26:27.0863 5340 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
16:26:27.0864 5340 disk - ok
16:26:27.0889 5340 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:26:27.0892 5340 Dnscache - ok
16:26:27.0917 5340 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:26:27.0921 5340 dot3svc - ok
16:26:27.0971 5340 [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
16:26:27.0975 5340 Dot4 - ok
16:26:28.0001 5340 [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:26:28.0002 5340 Dot4Print - ok
16:26:28.0038 5340 [ C55004CA6B419B6695970DFE849B122F ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
16:26:28.0039 5340 dot4usb - ok
16:26:28.0066 5340 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
16:26:28.0070 5340 DPS - ok
16:26:28.0107 5340 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:26:28.0109 5340 drmkaud - ok
16:26:28.0144 5340 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:26:28.0161 5340 DXGKrnl - ok
16:26:28.0194 5340 [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
16:26:28.0196 5340 E1G60 - ok
16:26:28.0224 5340 EagleXNt - ok
16:26:28.0250 5340 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
16:26:28.0252 5340 EapHost - ok
16:26:28.0284 5340 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
16:26:28.0287 5340 Ecache - ok
16:26:28.0334 5340 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:26:28.0340 5340 ehRecvr - ok
16:26:28.0368 5340 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
16:26:28.0371 5340 ehSched - ok
16:26:28.0376 5340 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
16:26:28.0377 5340 ehstart - ok
16:26:28.0410 5340 [ E8F3F21A71720C84BCF423B80028359F ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:26:28.0416 5340 elxstor - ok
16:26:28.0454 5340 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
16:26:28.0471 5340 EMDMgmt - ok
16:26:28.0494 5340 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
16:26:28.0497 5340 EventSystem - ok
16:26:28.0537 5340 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
16:26:28.0540 5340 exfat - ok
16:26:28.0561 5340 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:26:28.0565 5340 fastfat - ok
16:26:28.0581 5340 [ 63BDADA84951B9C03E641800E176898A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:26:28.0582 5340 fdc - ok
16:26:28.0606 5340 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
16:26:28.0608 5340 fdPHost - ok
16:26:28.0637 5340 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
16:26:28.0639 5340 FDResPub - ok
16:26:28.0662 5340 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:26:28.0664 5340 FileInfo - ok
16:26:28.0690 5340 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:26:28.0691 5340 Filetrace - ok
16:26:28.0710 5340 [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:26:28.0711 5340 flpydisk - ok
16:26:28.0735 5340 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:26:28.0739 5340 FltMgr - ok
16:26:28.0797 5340 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
16:26:28.0823 5340 FontCache - ok
16:26:28.0869 5340 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:26:28.0870 5340 FontCache3.0.0.0 - ok
16:26:28.0912 5340 [ D909075FA72C090F27AA926C32CB4612 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
16:26:28.0914 5340 fssfltr - ok
16:26:28.0975 5340 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:26:29.0010 5340 fsssvc - ok
16:26:29.0033 5340 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:26:29.0034 5340 Fs_Rec - ok
16:26:29.0054 5340 [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:26:29.0055 5340 gagp30kx - ok
16:26:29.0098 5340 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
16:26:29.0115 5340 gpsvc - ok
16:26:29.0151 5340 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:26:29.0156 5340 HdAudAddService - ok
16:26:29.0188 5340 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
16:26:29.0204 5340 HDAudBus - ok
16:26:29.0220 5340 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:26:29.0221 5340 HidBth - ok
16:26:29.0236 5340 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
16:26:29.0237 5340 HidIr - ok
16:26:29.0249 5340 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\System32\hidserv.dll
16:26:29.0251 5340 hidserv - ok
16:26:29.0274 5340 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:26:29.0276 5340 HidUsb - ok
16:26:29.0302 5340 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:26:29.0305 5340 hkmsvc - ok
16:26:29.0355 5340 [ 89F9E1984C1CD9E5F4FE39642D886E11 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
16:26:29.0356 5340 HP Health Check Service - ok
16:26:29.0367 5340 [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
16:26:29.0369 5340 HpCISSs - ok
16:26:29.0437 5340 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:26:29.0439 5340 hpqcxs08 - ok
16:26:29.0470 5340 [ 7DA3211AC63EDD90B8ECA1CA1ABFD43B ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:26:29.0627 5340 hpqddsvc - ok
16:26:29.0673 5340 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:26:29.0674 5340 HpqKbFiltr - ok
16:26:29.0700 5340 [ 115C0933B3ED51DFBEC4449348C8065B ] HpqRemHid C:\Windows\system32\DRIVERS\HpqRemHid.sys
16:26:29.0701 5340 HpqRemHid - ok
16:26:29.0728 5340 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
16:26:29.0730 5340 hpqwmiex - ok
16:26:29.0767 5340 [ 14229263AA19C704E0D6D2E7404A8455 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
16:26:29.0773 5340 HPSLPSVC - ok
16:26:29.0813 5340 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:26:29.0821 5340 HTTP - ok
16:26:29.0838 5340 [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp C:\Windows\system32\drivers\i2omp.sys
16:26:29.0839 5340 i2omp - ok
16:26:29.0880 5340 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:26:29.0882 5340 i8042prt - ok
16:26:29.0904 5340 IAANTMON - ok
16:26:29.0910 5340 iaStor - ok
16:26:29.0936 5340 [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
16:26:29.0938 5340 iaStorV - ok
16:26:30.0007 5340 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:26:30.0032 5340 idsvc - ok
16:26:30.0056 5340 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:26:30.0057 5340 iirsp - ok
16:26:30.0095 5340 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
16:26:30.0100 5340 IKEEXT - ok
16:26:30.0181 5340 [ 1F10ED6F98C57EFB4E7FB9972B2DBB71 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:26:30.0201 5340 IntcAzAudAddService - ok
16:26:30.0229 5340 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
16:26:30.0230 5340 intelide - ok
16:26:30.0249 5340 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:26:30.0250 5340 intelppm - ok
16:26:30.0271 5340 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:26:30.0273 5340 IPBusEnum - ok
16:26:30.0304 5340 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:26:30.0306 5340 IpFilterDriver - ok
16:26:30.0332 5340 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:26:30.0335 5340 iphlpsvc - ok
16:26:30.0341 5340 IpInIp - ok
16:26:30.0366 5340 [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
16:26:30.0368 5340 IPMIDRV - ok
16:26:30.0406 5340 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
16:26:30.0409 5340 IPNAT - ok
16:26:30.0430 5340 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:26:30.0432 5340 IRENUM - ok
16:26:30.0455 5340 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:26:30.0456 5340 isapnp - ok
16:26:30.0498 5340 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
16:26:30.0501 5340 iScsiPrt - ok
16:26:30.0521 5340 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
16:26:30.0522 5340 iteatapi - ok
16:26:30.0547 5340 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
16:26:30.0548 5340 iteraid - ok
16:26:30.0569 5340 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:26:30.0571 5340 kbdclass - ok
16:26:30.0587 5340 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:26:30.0588 5340 kbdhid - ok
16:26:30.0611 5340 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
16:26:30.0613 5340 KeyIso - ok
16:26:30.0647 5340 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:26:30.0662 5340 KSecDD - ok
16:26:30.0732 5340 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
16:26:30.0740 5340 KtmRm - ok
16:26:30.0766 5340 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll
16:26:30.0771 5340 LanmanServer - ok
16:26:30.0798 5340 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:26:30.0805 5340 LanmanWorkstation - ok
16:26:30.0823 5340 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:26:30.0825 5340 lltdio - ok
16:26:30.0850 5340 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:26:30.0856 5340 lltdsvc - ok
16:26:30.0915 5340 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:26:30.0917 5340 lmhosts - ok
16:26:30.0963 5340 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:26:30.0964 5340 LSI_FC - ok
16:26:31.0002 5340 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:26:31.0003 5340 LSI_SAS - ok
16:26:31.0043 5340 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:26:31.0044 5340 LSI_SCSI - ok
16:26:31.0078 5340 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
16:26:31.0080 5340 luafv - ok
16:26:31.0120 5340 [ 0DB7527DB188C7D967A37BB51BBF3963 ] MBAMSwissArmy C:\Windows\system32\drivers\mbamswissarmy.sys
16:26:31.0121 5340 MBAMSwissArmy - ok
16:26:31.0143 5340 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:26:31.0146 5340 Mcx2Svc - ok
16:26:31.0173 5340 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys
16:26:31.0174 5340 megasas - ok
16:26:31.0214 5340 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
16:26:31.0215 5340 Microsoft Office Groove Audit Service - ok
16:26:31.0228 5340 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
16:26:31.0231 5340 MMCSS - ok
16:26:31.0253 5340 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
16:26:31.0255 5340 Modem - ok
16:26:31.0286 5340 [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA C:\Windows\system32\drivers\MODEMCSA.sys
16:26:31.0287 5340 MODEMCSA - ok
16:26:31.0313 5340 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:26:31.0314 5340 monitor - ok
16:26:31.0333 5340 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:26:31.0335 5340 mouclass - ok
16:26:31.0356 5340 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:26:31.0357 5340 mouhid - ok
16:26:31.0376 5340 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
16:26:31.0378 5340 MountMgr - ok
16:26:31.0418 5340 [ 46297FA8E30A6007F14118FC2B942FBC ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:26:31.0421 5340 MozillaMaintenance - ok
16:26:31.0441 5340 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
16:26:31.0445 5340 MpFilter - ok
16:26:31.0472 5340 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys
16:26:31.0474 5340 mpio - ok
16:26:31.0579 5340 [ A69630D039C38018689190234F866D77 ] MpKsl53a8f106 c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CFC567E0-5197-4884-98EA-2229E26CDF98}\MpKsl53a8f106.sys
16:26:31.0580 5340 MpKsl53a8f106 - ok
16:26:31.0594 5340 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:26:31.0596 5340 mpsdrv - ok
16:26:31.0627 5340 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
16:26:31.0644 5340 MpsSvc - ok
16:26:31.0681 5340 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
16:26:31.0682 5340 Mraid35x - ok
16:26:31.0706 5340 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:26:31.0709 5340 MRxDAV - ok
16:26:31.0733 5340 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:26:31.0735 5340 mrxsmb - ok
16:26:31.0748 5340 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:26:31.0753 5340 mrxsmb10 - ok
16:26:31.0769 5340 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:26:31.0772 5340 mrxsmb20 - ok
16:26:31.0785 5340 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
16:26:31.0786 5340 msahci - ok
16:26:31.0806 5340 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:26:31.0809 5340 msdsm - ok
16:26:31.0833 5340 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
16:26:31.0837 5340 MSDTC - ok
16:26:31.0858 5340 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:26:31.0859 5340 Msfs - ok
16:26:31.0896 5340 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:26:31.0898 5340 msisadrv - ok
16:26:31.0935 5340 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:26:31.0939 5340 MSiSCSI - ok
16:26:31.0945 5340 msiserver - ok
16:26:31.0978 5340 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:26:31.0980 5340 MSKSSRV - ok
16:26:32.0011 5340 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
16:26:32.0012 5340 MsMpSvc - ok
16:26:32.0046 5340 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:26:32.0048 5340 MSPCLOCK - ok
16:26:32.0064 5340 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:26:32.0065 5340 MSPQM - ok
16:26:32.0081 5340 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:26:32.0084 5340 MsRPC - ok
16:26:32.0107 5340 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
16:26:32.0108 5340 mssmbios - ok
16:26:32.0114 5340 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:26:32.0116 5340 MSTEE - ok
16:26:32.0130 5340 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
16:26:32.0132 5340 Mup - ok
16:26:32.0152 5340 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
16:26:32.0161 5340 napagent - ok
16:26:32.0189 5340 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:26:32.0192 5340 NativeWifiP - ok
16:26:32.0229 5340 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:26:32.0234 5340 NDIS - ok
16:26:32.0257 5340 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:26:32.0259 5340 NdisTapi - ok
16:26:32.0278 5340 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:26:32.0279 5340 Ndisuio - ok
16:26:32.0301 5340 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:26:32.0304 5340 NdisWan - ok
16:26:32.0329 5340 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:26:32.0331 5340 NDProxy - ok
16:26:32.0367 5340 [ A081CB6FB9A12668F233EB5414BE3A0E ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:26:32.0368 5340 Net Driver HPZ12 - ok
16:26:32.0393 5340 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:26:32.0395 5340 NetBIOS - ok
16:26:32.0425 5340 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
16:26:32.0429 5340 netbt - ok
16:26:32.0435 5340 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
16:26:32.0438 5340 Netlogon - ok
16:26:32.0469 5340 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
16:26:32.0473 5340 Netman - ok
16:26:32.0503 5340 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
16:26:32.0509 5340 netprofm - ok
16:26:32.0548 5340 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:26:32.0551 5340 NetTcpPortSharing - ok
16:26:32.0719 5340 [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
16:26:32.0749 5340 NETw5v32 - ok
16:26:32.0791 5340 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:26:32.0792 5340 nfrd960 - ok
16:26:32.0821 5340 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:26:32.0823 5340 NisDrv - ok
16:26:32.0859 5340 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
16:26:32.0864 5340 NisSrv - ok
16:26:32.0884 5340 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:26:32.0889 5340 NlaSvc - ok
16:26:32.0895 5340 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:26:32.0897 5340 Npfs - ok
16:26:32.0922 5340 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
16:26:32.0925 5340 nsi - ok
16:26:32.0942 5340 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:26:32.0944 5340 nsiproxy - ok
16:26:32.0988 5340 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:26:33.0013 5340 Ntfs - ok
16:26:33.0030 5340 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
16:26:33.0031 5340 ntrigdigi - ok
16:26:33.0054 5340 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
16:26:33.0056 5340 Null - ok
16:26:33.0286 5340 [ 24000B817CC84AC1555F41929879AF5A ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:26:33.0368 5340 nvlddmkm - ok
16:26:33.0437 5340 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:26:33.0440 5340 nvraid - ok
16:26:33.0468 5340 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:26:33.0469 5340 nvstor - ok
16:26:33.0488 5340 [ C4D17F11526F87BC762F31DA5BD2580B ] nvsvc C:\Windows\system32\nvvsvc.exe
16:26:33.0491 5340 nvsvc - ok
16:26:33.0516 5340 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:26:33.0517 5340 nv_agp - ok
16:26:33.0567 5340 [ 8261CA50939F83B87C0E474C51C8EF67 ] NWADI C:\Windows\system32\DRIVERS\NWADIenum.sys
16:26:33.0569 5340 NWADI - ok
16:26:33.0575 5340 NwlnkFlt - ok
16:26:33.0582 5340 NwlnkFwd - ok
16:26:33.0632 5340 [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBModem C:\Windows\system32\DRIVERS\nwusbmdm.sys
16:26:33.0634 5340 NWUSBModem - ok
16:26:33.0678 5340 [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort C:\Windows\system32\DRIVERS\nwusbser.sys
16:26:33.0680 5340 NWUSBPort - ok
16:26:33.0695 5340 [ B7112F30D7EFF4B5052EBA879F46228F ] NWUSBPort2 C:\Windows\system32\DRIVERS\nwusbser2.sys
16:26:33.0697 5340 NWUSBPort2 - ok
16:26:33.0779 5340 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:26:33.0788 5340 odserv - ok
16:26:33.0827 5340 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
16:26:33.0829 5340 ohci1394 - ok
16:26:33.0851 5340 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:26:33.0853 5340 ose - ok
16:26:33.0897 5340 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
16:26:33.0914 5340 p2pimsvc - ok
16:26:33.0927 5340 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
16:26:33.0934 5340 p2psvc - ok
16:26:33.0946 5340 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
16:26:33.0947 5340 Parport - ok
16:26:33.0974 5340 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:26:33.0976 5340 partmgr - ok
16:26:33.0995 5340 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
16:26:33.0997 5340 Parvdm - ok
16:26:34.0020 5340 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
16:26:34.0023 5340 PcaSvc - ok
16:26:34.0053 5340 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
16:26:34.0056 5340 pci - ok
16:26:34.0073 5340 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys
16:26:34.0074 5340 pciide - ok
16:26:34.0096 5340 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:26:34.0100 5340 pcmcia - ok
16:26:34.0143 5340 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:26:34.0170 5340 PEAUTH - ok
16:26:34.0248 5340 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
16:26:34.0290 5340 pla - ok
16:26:34.0318 5340 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:26:34.0324 5340 PlugPlay - ok
16:26:34.0363 5340 [ 65BC271F337637731D3C71455AE1F476 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:26:34.0366 5340 Pml Driver HPZ12 - ok
16:26:34.0381 5340 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
16:26:34.0388 5340 PNRPAutoReg - ok
16:26:34.0402 5340 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
16:26:34.0409 5340 PNRPsvc - ok
16:26:34.0431 5340 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:26:34.0448 5340 PolicyAgent - ok
16:26:34.0465 5340 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:26:34.0467 5340 PptpMiniport - ok
16:26:34.0489 5340 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
16:26:34.0490 5340 Processor - ok
16:26:34.0523 5340 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
16:26:34.0528 5340 ProfSvc - ok
16:26:34.0539 5340 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
16:26:34.0540 5340 ProtectedStorage - ok
16:26:34.0565 5340 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
16:26:34.0568 5340 PSched - ok
16:26:34.0634 5340 [ F3775745CBEEDC8E4690D822FE669BF5 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
16:26:34.0653 5340 QBCFMonitorService - ok
16:26:34.0707 5340 [ 2241EAF40E472C471CB80CF6B97CCA11 ] QBFCService C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
16:26:34.0729 5340 QBFCService - ok
16:26:34.0786 5340 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:26:34.0794 5340 ql2300 - ok
16:26:34.0819 5340 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:26:34.0822 5340 ql40xx - ok
16:26:34.0860 5340 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
16:26:34.0867 5340 QWAVE - ok
16:26:34.0890 5340 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:26:34.0892 5340 QWAVEdrv - ok
16:26:34.0915 5340 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:26:34.0916 5340 RasAcd - ok
16:26:34.0943 5340 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
16:26:34.0947 5340 RasAuto - ok
16:26:34.0969 5340 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:26:34.0972 5340 Rasl2tp - ok
16:26:35.0002 5340 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
16:26:35.0009 5340 RasMan - ok
16:26:35.0033 5340 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:26:35.0035 5340 RasPppoe - ok
16:26:35.0049 5340 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:26:35.0052 5340 RasSstp - ok
16:26:35.0073 5340 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:26:35.0078 5340 rdbss - ok
16:26:35.0086 5340 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:26:35.0088 5340 RDPCDD - ok
16:26:35.0113 5340 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
16:26:35.0117 5340 rdpdr - ok
16:26:35.0123 5340 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:26:35.0125 5340 RDPENCDD - ok
16:26:35.0158 5340 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:26:35.0162 5340 RDPWD - ok
16:26:35.0191 5340 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
16:26:35.0194 5340 RemoteAccess - ok
16:26:35.0220 5340 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:26:35.0225 5340 RemoteRegistry - ok
16:26:35.0256 5340 [ C35CA13D3627EBD9DD12A23CE781BC3D ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
16:26:35.0257 5340 rimmptsk - ok
16:26:35.0264 5340 [ C398BCA91216755B098679A8DA8A2300 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
16:26:35.0265 5340 rimsptsk - ok
16:26:35.0270 5340 RimUsb - ok
16:26:35.0308 5340 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial.sys
16:26:35.0310 5340 RimVSerPort - ok
16:26:35.0326 5340 [ 2A2554CB24506E0A0508FC395C4A1B42 ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys
16:26:35.0327 5340 rismxdp - ok
16:26:35.0339 5340 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
16:26:35.0341 5340 ROOTMODEM - ok
16:26:35.0361 5340 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
16:26:35.0364 5340 RpcLocator - ok
16:26:35.0389 5340 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
16:26:35.0395 5340 RpcSs - ok
16:26:35.0429 5340 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:26:35.0430 5340 rspndr - ok
16:26:35.0461 5340 [ 283392AF1860ECDB5E0F8EBD7F3D72DF ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
16:26:35.0462 5340 RTL8169 - ok
16:26:35.0468 5340 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
16:26:35.0470 5340 SamSs - ok
16:26:35.0500 5340 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:26:35.0501 5340 sbp2port - ok
16:26:35.0527 5340 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:26:35.0532 5340 SCardSvr - ok
16:26:35.0564 5340 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
16:26:35.0572 5340 Schedule - ok
16:26:35.0622 5340 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
16:26:35.0623 5340 SCPolicySvc - ok
16:26:35.0634 5340 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
16:26:35.0637 5340 sdbus - ok
16:26:35.0663 5340 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:26:35.0668 5340 SDRSVC - ok
16:26:35.0684 5340 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
16:26:35.0685 5340 secdrv - ok
16:26:35.0711 5340 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
16:26:35.0714 5340 seclogon - ok
16:26:35.0726 5340 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
16:26:35.0729 5340 SENS - ok
16:26:35.0743 5340 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
16:26:35.0745 5340 Serenum - ok
16:26:35.0760 5340 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
16:26:35.0761 5340 Serial - ok
16:26:35.0774 5340 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
16:26:35.0775 5340 sermouse - ok
16:26:35.0806 5340 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
16:26:35.0810 5340 SessionEnv - ok
16:26:35.0829 5340 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
16:26:35.0830 5340 sffdisk - ok
16:26:35.0846 5340 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
16:26:35.0847 5340 sffp_mmc - ok
16:26:35.0861 5340 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
16:26:35.0862 5340 sffp_sd - ok
16:26:35.0877 5340 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
16:26:35.0878 5340 sfloppy - ok
16:26:35.0902 5340 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
16:26:35.0909 5340 SharedAccess - ok
16:26:35.0942 5340 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:26:35.0946 5340 ShellHWDetection - ok
16:26:35.0963 5340 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
16:26:35.0965 5340 sisagp - ok
16:26:35.0974 5340 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
16:26:35.0975 5340 SiSRaid2 - ok
16:26:35.0999 5340 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
16:26:36.0001 5340 SiSRaid4 - ok
16:26:36.0263 5340 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
16:26:36.0338 5340 slsvc - ok
16:26:36.0371 5340 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
16:26:36.0374 5340 SLUINotify - ok
16:26:36.0402 5340 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
16:26:36.0404 5340 Smb - ok
16:26:36.0450 5340 [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial C:\Windows\system32\DRIVERS\smserial.sys
16:26:36.0460 5340 smserial - ok
16:26:36.0494 5340 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
16:26:36.0498 5340 SNMPTRAP - ok
16:26:36.0523 5340 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
16:26:36.0525 5340 spldr - ok
16:26:36.0548 5340 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
16:26:36.0552 5340 Spooler - ok
16:26:36.0584 5340 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
16:26:36.0590 5340 srv - ok
16:26:36.0620 5340 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
16:26:36.0624 5340 srv2 - ok
16:26:36.0635 5340 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
16:26:36.0638 5340 srvnet - ok
16:26:36.0660 5340 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
16:26:36.0664 5340 SSDPSRV - ok
16:26:36.0710 5340 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
16:26:36.0715 5340 SstpSvc - ok
16:26:36.0746 5340 [ EF70B3D22B4BFFDA6EA851ECB063EFAA ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
16:26:36.0747 5340 StillCam - ok
16:26:36.0770 5340 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
16:26:36.0788 5340 stisvc - ok
16:26:36.0796 5340 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
16:26:36.0797 5340 swenum - ok
16:26:36.0840 5340 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
16:26:36.0856 5340 swprv - ok
16:26:36.0881 5340 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
16:26:36.0882 5340 Symc8xx - ok
16:26:36.0898 5340 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
16:26:36.0900 5340 Sym_hi - ok
16:26:36.0914 5340 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
16:26:36.0916 5340 Sym_u3 - ok
16:26:36.0944 5340 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
16:26:36.0951 5340 SysMain - ok
16:26:36.0969 5340 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:26:36.0973 5340 TabletInputService - ok
16:26:36.0991 5340 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
16:26:36.0998 5340 TapiSrv - ok
16:26:37.0017 5340 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
16:26:37.0021 5340 TBS - ok
16:26:37.0057 5340 [ 16731B631F28F63CD9F4CB60940E7DDD ] Tcpip C:\Windows\system32\drivers\tcpip.sys
16:26:37.0083 5340 Tcpip - ok
16:26:37.0111 5340 [ 16731B631F28F63CD9F4CB60940E7DDD ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
16:26:37.0118 5340 Tcpip6 - ok
16:26:37.0128 5340 [ 3FC13F09AF9BE487C7B4FAC4070A036C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
16:26:37.0129 5340 tcpipreg - ok
16:26:37.0159 5340 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
16:26:37.0160 5340 TDPIPE - ok
16:26:37.0180 5340 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
16:26:37.0182 5340 TDTCP - ok
16:26:37.0198 5340 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
16:26:37.0201 5340 tdx - ok
16:26:37.0226 5340 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
16:26:37.0228 5340 TermDD - ok
16:26:37.0258 5340 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
16:26:37.0275 5340 TermService - ok
16:26:37.0299 5340 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
16:26:37.0303 5340 Themes - ok
16:26:37.0319 5340 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
16:26:37.0321 5340 THREADORDER - ok
16:26:37.0346 5340 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
16:26:37.0350 5340 TrkWks - ok
16:26:37.0388 5340 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:26:37.0389 5340 TrustedInstaller - ok
16:26:37.0408 5340 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
16:26:37.0410 5340 tssecsrv - ok
16:26:37.0431 5340 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
16:26:37.0433 5340 tunmp - ok
16:26:37.0456 5340 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
16:26:37.0457 5340 tunnel - ok
16:26:37.0484 5340 [ C3ADE15414120033A36C0F293D4A4121 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
16:26:37.0485 5340 uagp35 - ok
16:26:37.0516 5340 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
16:26:37.0521 5340 udfs - ok
16:26:37.0555 5340 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
16:26:37.0559 5340 UI0Detect - ok
16:26:37.0577 5340 [ 75E6890EBFCE0841D3291B02E7A8BDB0 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
16:26:37.0578 5340 uliagpkx - ok
16:26:37.0629 5340 [ 3CD4EA35A6221B85DCC25DAA46313F8D ] uliahci C:\Windows\system32\drivers\uliahci.sys
16:26:37.0634 5340 uliahci - ok
16:26:37.0655 5340 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
16:26:37.0658 5340 UlSata - ok
16:26:37.0686 5340 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
16:26:37.0689 5340 ulsata2 - ok
16:26:37.0716 5340 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
16:26:37.0718 5340 umbus - ok
16:26:37.0735 5340 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
16:26:37.0740 5340 upnphost - ok
16:26:37.0777 5340 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
16:26:37.0779 5340 usbccgp - ok
16:26:37.0804 5340 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
16:26:37.0806 5340 usbcir - ok
16:26:37.0840 5340 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
16:26:37.0841 5340 usbehci - ok
16:26:37.0864 5340 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
16:26:37.0868 5340 usbhub - ok
16:26:37.0883 5340 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
16:26:37.0885 5340 usbohci - ok
16:26:37.0908 5340 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
16:26:37.0910 5340 usbprint - ok
16:26:37.0940 5340 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
16:26:37.0941 5340 usbscan - ok
16:26:37.0963 5340 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:26:37.0965 5340 USBSTOR - ok
16:26:37.0998 5340 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
16:26:37.0999 5340 usbuhci - ok
16:26:38.0031 5340 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
16:26:38.0034 5340 usbvideo - ok
16:26:38.0060 5340 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
16:26:38.0063 5340 UxSms - ok
16:26:38.0094 5340 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
16:26:38.0111 5340 vds - ok
16:26:38.0150 5340 [ 7D92BE0028ECDEDEC74617009084B5EF ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
16:26:38.0152 5340 vga - ok
16:26:38.0179 5340 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
16:26:38.0180 5340 VgaSave - ok
16:26:38.0198 5340 [ 045D9961E591CF0674A920B6BA3BA5CB ] viaagp C:\Windows\system32\drivers\viaagp.sys
16:26:38.0199 5340 viaagp - ok
16:26:38.0217 5340 [ 56A4DE5F02F2E88182B0981119B4DD98 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
16:26:38.0220 5340 ViaC7 - ok
16:26:38.0233 5340 [ FD2E3175FCADA350C7AB4521DCA187EC ] viaide C:\Windows\system32\drivers\viaide.sys
16:26:38.0234 5340 viaide - ok
16:26:38.0250 5340 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
16:26:38.0252 5340 volmgr - ok
16:26:38.0289 5340 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
16:26:38.0296 5340 volmgrx - ok
16:26:38.0321 5340 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
16:26:38.0326 5340 volsnap - ok
16:26:38.0350 5340 [ D984439746D42B30FC65A4C3546C6829 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
16:26:38.0353 5340 vsmraid - ok
16:26:38.0397 5340 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
16:26:38.0431 5340 VSS - ok
16:26:38.0464 5340 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
16:26:38.0480 5340 W32Time - ok
16:26:38.0504 5340 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
16:26:38.0506 5340 WacomPen - ok
16:26:38.0535 5340 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
16:26:38.0537 5340 Wanarp - ok
16:26:38.0542 5340 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
16:26:38.0543 5340 Wanarpv6 - ok
16:26:38.0561 5340 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
16:26:38.0579 5340 wcncsvc - ok
16:26:38.0606 5340 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:26:38.0610 5340 WcsPlugInService - ok
16:26:38.0651 5340 [ AFC5AD65B991C1E205CF25CFDBF7A6F4 ] Wd C:\Windows\system32\drivers\wd.sys
16:26:38.0652 5340 Wd - ok
16:26:38.0691 5340 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
16:26:38.0706 5340 Wdf01000 - ok
16:26:38.0755 5340 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
16:26:38.0759 5340 WdiServiceHost - ok
16:26:38.0763 5340 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
16:26:38.0767 5340 WdiSystemHost - ok
16:26:38.0798 5340 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
16:26:38.0805 5340 WebClient - ok
16:26:38.0825 5340 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
16:26:38.0831 5340 Wecsvc - ok
16:26:38.0856 5340 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
16:26:38.0861 5340 wercplsupport - ok
16:26:38.0886 5340 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
16:26:38.0892 5340 WerSvc - ok
16:26:38.0939 5340 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
16:26:38.0944 5340 WinDefend - ok
16:26:38.0984 5340 [ 94E4312D546048BF31604A8B2AD13FC0 ] WinDriver6 C:\Windows\system32\drivers\windrvr6.sys
16:26:38.0986 5340 WinDriver6 - ok
16:26:38.0990 5340 WinHttpAutoProxySvc - ok
16:26:39.0031 5340 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
16:26:39.0033 5340 Winmgmt - ok
16:26:39.0079 5340 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
16:26:39.0112 5340 WinRM - ok
16:26:39.0149 5340 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
16:26:39.0157 5340 Wlansvc - ok
16:26:39.0234 5340 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:26:39.0236 5340 wlcrasvc - ok
16:26:39.0322 5340 [ 0A70F4022EC2E14C159EFC4F69AA2477 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:26:39.0336 5340 wlidsvc - ok
16:26:39.0360 5340 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
16:26:39.0361 5340 WmiAcpi - ok
16:26:39.0386 5340 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
16:26:39.0389 5340 wmiApSrv - ok
16:26:39.0435 5340 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
16:26:39.0461 5340 WMPNetworkSvc - ok
16:26:39.0485 5340 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
16:26:39.0491 5340 WPCSvc - ok
16:26:39.0521 5340 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
16:26:39.0525 5340 WPDBusEnum - ok
16:26:39.0567 5340 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
16:26:39.0569 5340 WpdUsb - ok
16:26:39.0636 5340 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:26:39.0662 5340 WPFFontCache_v0400 - ok
16:26:39.0710 5340 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
16:26:39.0712 5340 ws2ifsl - ok
16:26:39.0741 5340 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
16:26:39.0744 5340 wscsvc - ok
16:26:39.0778 5340 [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
16:26:39.0779 5340 WSDPrintDevice - ok
16:26:39.0785 5340 WSearch - ok
16:26:39.0851 5340 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
16:26:39.0895 5340 wuauserv - ok
16:26:39.0938 5340 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
16:26:39.0941 5340 WUDFRd - ok
16:26:39.0972 5340 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
16:26:39.0976 5340 wudfsvc - ok
16:26:39.0988 5340 ================ Scan global ===============================
16:26:40.0000 5340 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:26:40.0036 5340 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:26:40.0061 5340 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:26:40.0089 5340 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:26:40.0093 5340 [Global] - ok
16:26:40.0094 5340 ================ Scan MBR ==================================
16:26:40.0106 5340 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:26:40.0734 5340 \Device\Harddisk0\DR0 - ok
16:26:40.0734 5340 ================ Scan VBR ==================================
16:26:40.0738 5340 [ C337C7A02F2E66B037D7FCC260A976EE ] \Device\Harddisk0\DR0\Partition1
16:26:40.0740 5340 \Device\Harddisk0\DR0\Partition1 - ok
16:26:40.0741 5340 ============================================================
16:26:40.0741 5340 Scan finished
16:26:40.0741 5340 ============================================================
16:26:40.0755 5192 Detected object count: 0
16:26:40.0755 5192 Actual detected object count: 0


Here is the Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.29.09

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Anthony :: JUSTINANDMATT [administrator]

Protection: Enabled

8/29/2012 4:32:18 PM
mbam-log-2012-08-29 (16-32-18).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203249
Time elapsed: 7 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Here is the ESET log:

C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\Anthony\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111029091541148.rsc multiple threats

#8 CatByte

Posted 29 August 2012 - 07:48 PM

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

File::
C:\ProgramData\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll 
C:\Users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll 
C:\Users\Anthony\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111029091541148.rsc 

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


NEXT

  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List installed programs.

Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.

NEXT


Please download Farbar Service Scanner to your desktop and run it.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.



NEXT



Please advise how the computer is running now and if there are any outstanding issues.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 Justin711


Posted 29 August 2012 - 08:23 PM

After running these programs, I still can't open Firefox, Word, or Chrome, but I don't get redirected anymore. The computer is running fine.



MiniToolBox by Farbar Version: 23-07-2012
Ran by Anthony (administrator) on 29-08-2012 at 21:21:47
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

127.0.0.1 localhost


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 7.1.8)
7300_Help (Version: 82.0.242.000)
7300Trb (Version: 82.0.242.000)
7400 (Version: 82.0.242.000)
8500A909_eDocs (Version: 1.00.0000)
8500A909_Help (Version: 1.00.0000)
8500A909n (Version: 50.0.165.000)
Acrobat.com (Version: 2.0.0)
Acrobat.com (Version: 2.0.0.0)
Adobe AIR (Version: 1.5.3.9120)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader 9.5.2 (Version: 9.5.2)
AIO_CDB_ProductContext (Version: 82.0.242.000)
AIO_CDB_Software (Version: 82.0.242.000)
AIO_Scan (Version: 82.0.173.000)
Application Verifier (Version: 4.1.1078)
BPD_DSWizards (Version: 1.00.0000)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
Brother MFL-Pro Suite MFC-9460CDN (Version: 1.0.21.0)
BufferChm (Version: 120.0.194.000)
Combat Arms
CyberLink YouCam (Version: 1.0.2117)
D3DX10 (Version: 15.4.2368.0902)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 120.0.194.000)
DocMgr (Version: 120.0.000.000)
DocProc (Version: 12.0.0.0)
DocProcQFolder (Version: 1.00.0000)
ESET Online Scanner v3
eSupportQFolder (Version: 1.00.0000)
Fax (Version: 120.0.194.000)
Google Chrome (Version: 21.0.1180.83)
GPBaseService2 (Version: 130.0.371.000)
HP Active Support Library (Version: 3.1.6.1)
HP Customer Participation Program 12.0 (Version: 12.0)
HP Document Manager 2.0 (Version: 2.0)
HP Help and Support (Version: 2.0.10.0)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (Version: 8.0)
HP Product Detection (Version: 10.7.9.0)
HP Quick Launch Buttons 6.40 H2 (Version: 6.40 H2)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
HPNetworkAssistant (Version: 1.1.70)
HPProductAssistant (Version: 130.0.371.000)
Internet Explorer (Enable DEP)
J2SE Runtime Environment 5.0 Update 17 (Version: 1.5.0.170)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (Version: 7.0.50)
JavaFX 2.1.1 (Version: 2.1.1)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
MarketResearch (Version: 120.0.226.000)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook Connector (Version: 14.0.5118.5000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Windows Performance Toolkit (Version: 4.8.0)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 (7.1) (Version: 7.1.7600.0.30514)
Microsoft Windows SDK for Windows 7 Common Utilities (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Samples (30514) (Version: 7.1.30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514) (Version: 7.1.30514)
Mobile Broadband Generic Drivers (Version: 2.03.06.002.14)
Motorola SM56 Speakerphone Modem (Version: 6.12.25.06)
Mozilla Firefox 14.0.1 (x86 en-US) (Version: 14.0.1)
Mozilla Maintenance Service (Version: 14.0.1)
MPM (Version: 1.00.0000)
MSVCRT (Version: 15.4.2862.0708)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Network (Version: 120.0.194.000)
Nexon Game Manager
Nuance OmniPage 17 (Version: 17.0.0000)
NVIDIA Drivers (Version: 1.10)
OCR Software by I.R.I.S. 12.0 (Version: 12.0)
Officejet Pro 8500 A909 Series (Version: 12.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Paint.NET v3.5.10 (Version: 3.60.0)
Pando Media Booster (Version: 2.6.0.1)
ProductContext (Version: 50.0.165.000)
PVSonyDll (Version: 1.00.0001)
QuickBooks (Version: 19.0.4012.705)
QuickBooks Pro 2009 (Version: 19.0.4012.705)
QuickTime (Version: 7.71.80.42)
Realtek High Definition Audio Driver (Version: 6.0.1.5869)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02 (Version: 3.52.02)
ROBLOX Player for Anthony
ROBLOX Studio 2.0 Beta for Anthony
ROBLOX Studio for Anthony
RoboForm 7-7-2 (All Users) (Version: 7-7-2)
RuneScape Launcher 1.2 (Version: 1.2.0)
Scan (Version: 12.0.0.0)
Segoe UI (Version: 15.4.2271.0615)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 120.0.194.000)
SugarSync Manager (Version: 1.9.71.94365)
SupportSoft Assisted Service (Version: 15)
SwiftKit
Toolbox (Version: 120.0.194.000)
Toolbox (Version: 82.0.173.000)
TrayApp (Version: 120.0.194.000)
UnloadSupport (Version: 11.0.0)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Verizon Wireless USB720-V740 Firmware Updates (Version: 1.0.1)
Verizon Wireless USB727 Firmware Updates (Version: 1.0.0)
Visual Studio 2005 Tools for Office Second Edition Runtime
WebReg (Version: 120.0.194.000)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3502.0922)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3502.0922)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.11 (32-bit) (Version: 4.11.0)
Yrefresher 1.00

**** End of log ****





ComboFix 12-08-29.03 - Anthony 08/29/2012 21:10:14.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1535 [GMT -4:00]
Running from: c:\users\Anthony\Desktop\ComboFix.exe
Command switches used :: c:\users\Anthony\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll"
"c:\users\All Users\Tarma Installer\{DE3B7BF9-0770-4104-BC0B-B1CCCCE2F053}\_Setupx.dll"
"c:\users\Anthony\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111029091541148.rsc"
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
2012-08-30 01:16 . 2012-08-30 01:17 -------- d-----w- c:\users\Anthony\AppData\Local\temp
2012-08-30 01:16 . 2012-08-30 01:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-30 00:36 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{18FFE48B-448E-4A35-B000-64DAE7C27BF6}\mpengine.dll
2012-08-29 20:44 . 2012-08-29 20:44 -------- d-----w- c:\program files\ESET
2012-08-29 20:30 . 2012-08-29 20:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-29 20:30 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-25 21:44 . 2012-08-01 22:51 7023536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-25 01:29 . 2012-08-25 01:29 -------- d-----w- c:\users\Anthony\AppData\Roaming\Malwarebytes
2012-08-25 01:28 . 2012-08-25 01:28 -------- d-----w- c:\programdata\Malwarebytes
2012-08-25 00:16 . 2012-08-25 00:16 -------- d-----w- c:\users\Anthony\AppData\Local\ElevatedDiagnostics
2012-08-16 07:04 . 2012-06-29 00:10 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-08-16 07:04 . 2012-06-29 00:08 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-16 07:04 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 08:37 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-12 13:02 . 2012-08-12 13:58 -------- d-----w- c:\programdata\Package Cache
2012-08-02 20:56 . 2012-08-02 20:56 -------- d-----w- c:\users\Anthony\AppData\Local\Freecorder 6 Video
2012-08-02 20:52 . 2012-08-02 20:54 -------- d-----w- c:\users\Anthony\AppData\Roaming\Freecorder 6 Video
2012-08-02 20:48 . 2012-08-02 20:48 -------- d-----w- c:\users\Anthony\AppData\Local\Freecorder 6 Converter
2012-08-02 20:45 . 2012-08-02 20:45 -------- d-----w- c:\users\Anthony\AppData\Roaming\Freecorder 6 Converter
2012-08-02 20:45 . 2012-08-25 01:55 -------- d-----w- c:\users\Anthony\AppData\Local\Jaksta_Technologies_Pty_L
2012-08-02 20:35 . 2012-08-02 20:35 -------- d-----w- c:\program files\Applian Technologies
2012-08-02 20:34 . 2012-08-02 20:51 -------- d-----w- c:\programdata\WeCareReminder
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 00:52 . 2012-03-30 20:17 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-25 00:52 . 2011-08-28 22:56 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 02:06 . 2012-07-17 00:58 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06 . 2011-09-06 20:31 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-15 20:56 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-15 20:56 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-15 20:56 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-26 10:58 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-26 10:58 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-26 10:58 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-26 10:58 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-26 10:58 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-26 10:58 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-26 10:58 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-26 10:58 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-26 10:58 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-15 20:56 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-15 20:56 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-14 00:17 . 2012-08-25 01:00 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2012-07-13 05:27 369784 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"SugarSync"="c:\program files\SugarSync\SugarSyncManager.exe" [2012-07-13 9798776]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-02-18 109296]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-09 7539232]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"Nuance OmniPage 17-reminder"="c:\program files\Nuance\OmniPage17\Ereg\Ereg.exe" [2008-11-03 54560]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2010-10-23 139264]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2009-12-22 1092872]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-11-25 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Anthony\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-9-14 984352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 86545791
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - WS2IFSL
*Deregistered* - 86545791
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 00:52]
.
2012-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2401214282-1098981543-2560420193-1000Core.job
- c:\users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 00:31]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2401214282-1098981543-2560420193-1000UA.job
- c:\users\Anthony\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-13 00:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutDtDtC0D0EtDtBtAtB0Ezz0F0FtBtAzztN0D0Tzu0CtBtCyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1717339342
uInternet Settings,ProxyOverride = <local>
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 24.178.162.3 66.189.0.100 24.217.201.67
FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\jiinnw28.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-29 21:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-29 21:20:03
ComboFix-quarantined-files.txt 2012-08-30 01:20
ComboFix2.txt 2012-08-28 21:54
.
Pre-Run: 253,383,471,104 bytes free
Post-Run: 253,662,871,552 bytes free
.
- - End Of File - - B0C23C2D6B3ACC36AC2772AFCA0386DE

Edited by Justin711, 29 August 2012 - 08:26 PM.


#10 CatByte


Posted 29 August 2012 - 08:30 PM

After running these programs, I still can't open Firefox, Word, or Chrome,


What happens when you try to run these programs?

Give your computer a reboot and try again.

Give me the exact error message you receive.



#11 Justin711


Posted 29 August 2012 - 08:43 PM

WOAH! As soon as I rebooted my computer, everything is working! Thanks!!!!!!!!!!!!!! :) :thumbsup: :woot:

#12 CatByte


Posted 29 August 2012 - 08:50 PM

OK, great.

Please run the Farbar Service Scanner (instructions above).



#13 Justin711


Posted 29 August 2012 - 08:55 PM

As soon as I get access to my flash drive on Sunday, I will.

#14 CatByte


Posted 29 August 2012 - 09:01 PM

Sorry, I should have been clearer.

We don't need to run FRST any more (the very first instruction); there's always more than one way to remove malware.


I'm looking for the Farbar Service Scanner log from this post

http://www.bleepingcomputer.com/forums/topic466465.html/page__view__findpost__p__2823609



#15 Justin711


Posted 29 August 2012 - 09:13 PM

Farbar Service Scanner Version: 06-08-2012
Ran by Anthony (administrator) on 29-08-2012 at 22:13:00
Running from "C:\Users\Anthony\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2011-11-09 04:57] - [2011-09-20 17:02] - 0913280 ____A (Microsoft Corporation) 16731B631F28F63CD9F4CB60940E7DDD

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
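To re-check the items the Farbar Service Scanner and MiniToolBox logs above report (the WinDefend start type, the DisableAntiSpyware value, IE proxy settings and hosts-file entries), here is an added PowerShell script; it is not code from Farbar's tools or from this thread, and the policy registry paths and service defaults it uses are assumed Windows Vista/7 values.

```powershell
# Added example, not code from Farbar Service Scanner, MiniToolBox or this thread.
# Re-checks the items those tools reported in the logs above: security-service
# start modes, "disable" policies, IE proxy settings and hosts-file entries.
# Assumes PowerShell 2.0+ on Windows Vista/7 and an elevated prompt.

function Get-RegValue {
    # Returns a registry value, or $null when the key or value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item -eq $null) { return $null }
    return $item.$Name
}

function Test-SecurityService {
    # Compares a service's start mode with its expected default, the way FSS
    # flagged WinDefend above ("Demand" in the registry is "Manual" here).
    param([string]$Name, [string]$ExpectedStartMode)
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if ($svc -eq $null) { return "$Name : service not found" }
    $line = "$Name : State=$($svc.State) StartMode=$($svc.StartMode) (default $ExpectedStartMode)"
    if ($svc.StartMode -ne $ExpectedStartMode) { $line += '  <-- changed from default' }
    return $line
}

# Registry values that turn protection off. The first entry is the key shown in
# the FSS log above; the Policies paths are the standard Vista/7 locations (assumed).
$disablePolicies = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows Defender';                        Name = 'DisableAntiSpyware'; Bad = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender';               Name = 'DisableAntiSpyware'; Bad = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile'; Name = 'EnableFirewall';     Bad = 0 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore';        Name = 'DisableSR';          Bad = 1 },
    @{ Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU';       Name = 'NoAutoUpdate';       Bad = 1 }
)

Write-Output '== Security services (state / start mode) =='
Test-SecurityService -Name 'WinDefend' -ExpectedStartMode 'Auto'   # Windows Defender
Test-SecurityService -Name 'MpsSvc'    -ExpectedStartMode 'Auto'   # Windows Firewall
Test-SecurityService -Name 'wscsvc'    -ExpectedStartMode 'Auto'   # Security Center
Test-SecurityService -Name 'wuauserv'  -ExpectedStartMode 'Auto'   # Windows Update

Write-Output '== Disable policies =='
foreach ($p in $disablePolicies) {
    $v = Get-RegValue -Path $p.Path -Name $p.Name
    if ($v -eq $null)      { "$($p.Path)\$($p.Name) : not set (default)" }
    elseif ($v -eq $p.Bad) { "$($p.Path)\$($p.Name) = $v  <-- protection disabled" }
    else                   { "$($p.Path)\$($p.Name) = $v" }
}

Write-Output '== IE proxy settings (current user) =='
$ie = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
if ((Get-RegValue -Path $ie -Name 'ProxyEnable') -eq 1) {
    "Proxy is enabled: $(Get-RegValue -Path $ie -Name 'ProxyServer')  <-- verify this is yours"
} else {
    'Proxy is not enabled.'
}

Write-Output '== Hosts file entries other than localhost =='
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$extra = Get-Content -Path $hostsPath | Where-Object {
    $_ -match '\S' -and $_ -notmatch '^\s*#' -and
    $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$'
}
if ($extra) { $extra } else { 'Only the default localhost entries are present.' }
```

Any line marked "<--" is something a cleanup should explain: a non-default start mode, a set disable policy, an unexpected proxy, or a hosts entry that redirects a site.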



